Google Git
Sign in
pigweed / third_party / boringssl / boringssl / 3d15a94add73c195fa0e68250afae8c030818437
commit3d15a94add73c195fa0e68250afae8c030818437[log] [tgz]
authorDavid Benjamin <davidben@google.com>Sun Mar 14 14:46:21 2021 -0400
committerCQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>Mon Mar 15 22:53:12 2021 +0000
treefbeb215d01c93f5dbf471689fccf2371f44bfb34
parentf7b87c83fa5a8f3f30058033ea41d4f24836d44a [diff]
Document ASN1_TYPE and related functions.

The representation here is a bit more messy than necessary. In doing so,
clean up the variable names and smooth away two rough edges:

- X509_ALGOR_get0 would leave *out_param_value uninitialized if
  *out_param_type is V_ASN1_UNDEF. Instead, set it to NULL, so callers
  do not accidentally use an uninitialized pointer.

- X509_PUBKEY_set0_param, if key is NULL, would leave the key alone. No
  one calls this function externally and none of the (since removed)
  callers in OpenSSL rely on this behavior. A NULL check here adds a
  discontinuity at the empty string that seems unnecessary here:
  changing the algorithm without changing the key isn't useful.
  (Note the API doesn't support changing the key without the algorithm.)

Note for reviewing: the representation of ASN1_TYPE is specified
somewhat indirectly. ASN1_TYPE uses the ASN1_ANY ASN1_ITEM, which has
utype V_ASN1_ANY. Then you look at asn1_d2i_ex_primitive and asn1_ex_c2i
which peel off the ASN1_TYPE layer and parse directly into the value
field, with a fixup for NULL. Hopefully we can rework this someday...

Change-Id: I628c4e20f8ea2fd036132242337f4dcac5ba5015
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/46165
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: Adam Langley <agl@google.com>
5 files changed
tree: fbeb215d01c93f5dbf471689fccf2371f44bfb34
  1. .github/
  2. crypto/
  3. decrepit/
  4. fuzz/
  5. include/
  6. ssl/
  7. third_party/
  8. tool/
  9. util/
  10. .clang-format
  11. .gitignore
  12. API-CONVENTIONS.md
  13. BREAKING-CHANGES.md
  14. BUILDING.md
  15. CMakeLists.txt
  16. codereview.settings
  17. CONTRIBUTING.md
  18. FUZZING.md
  19. go.mod
  20. go.sum
  21. INCORPORATING.md
  22. LICENSE
  23. PORTING.md
  24. README.md
  25. SANDBOXING.md
  26. sources.cmake
  27. STYLE.md
README.md

BoringSSL

BoringSSL is a fork of OpenSSL that is designed to meet Google's needs.

Although BoringSSL is an open source project, it is not intended for general use, as OpenSSL is. We don't recommend that third parties depend upon it. Doing so is likely to be frustrating because there are no guarantees of API or ABI stability.

Programs ship their own copies of BoringSSL when they use it and we update everything as needed when deciding to make API changes. This allows us to mostly avoid compromises in the name of compatibility. It works for us, but it may not work for you.

BoringSSL arose because Google used OpenSSL for many years in various ways and, over time, built up a large number of patches that were maintained while tracking upstream OpenSSL. As Google's product portfolio became more complex, more copies of OpenSSL sprung up and the effort involved in maintaining all these patches in multiple places was growing steadily.

Currently BoringSSL is the SSL library in Chrome/Chromium, Android (but it's not part of the NDK) and a number of other apps/programs.

Project links:

There are other files in this directory which might be helpful: